We live in the digital age. Email correspondence is commonplace,
business proposals are stored on computer systems, financial and legal
information is sent across networks. Nobody can get this information
other than the intended recipient, right?

Don't bet on it.

Just about everything you do while connected to a network can be easily
watched. System Administrators can rifle through your email, and
disgruntled employees can intercept copies of your financial and legal
documents as you transfer them across your LAN. Laptops are often
stolen, and the loss is much greater if the system also contains
confidential information.

Sending sensitive information in
email, transferring it around on a network, or even leaving it on your
hard drive is the digital equivalent of putting that information on a
neon billboard in Times Square.

Encryption is one of the most effective ways to ensure your information is secure. Correctly using a good
encryption package, such as GNU Privacy Guard (GnuPG), will help ensure
your data remains private. Email sent encrypted with GnuPG can only be
decrypted by the person for whom the message is intended. Encrypted
messages which are intercepted and stolen are worthless to anyone but
the intended recipient.

GnuPG is GPL Software that follows
the OpenPGP Standard. It is intended as a replacement for the PGP
encryption package, and does not use any patented encryption
algorithms. It can be downloaded from http://www.gnupg.org, and runs on Linux, FreeBSD, many other flavors of UNIX, as well as Windows.

Public Key Cryptography

Public Key Cryptography, also known as Asymmetric Cryptography, uses a
pair of keys, a public key and a secret key. The public key is used to
encrypt a message that only the corresponding secret key can decrypt.
The public key is meant to be distributed, while the secret key must
not. While the keys are related, it is mathematically impractical to
derive one key from the other.

An example would be that Susan
makes her public key available to the world by putting it on her
Website, emailing it to friends, etc. If I want to send Susan an
encrypted message, I would use GnuPG with Susan's public key to encrypt
the message, turning it from plaintext to ciphertext. Once the message
has been encrypted, only the person who has possession of Susan's
secret key is able to decrypt it.

Once I encrypt the message for
Susan, I cannot derive the original message from the ciphertext.
Without access to Susan's secret key, the only way to decrypt the
message is by using a brute force attack. A brute force attempt would
require every possible key be tried in an effort to decrypt the message.
This would take the computing equivalent of billions of mainframes
trillions and trillions of years.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

...

[susan:~]$

Susan is prompted for her name, email address, comment, and passphrase. GNU Privacy Guard then starts generating the keys.

Once a pair of keys is generated, Susan needs to make her public key
available so others can send encrypted messages to her. This is done
with the "--export" option to the gpg command. The key is exported as a
binary file, which isn't suitable for emailing, so the "--armor"
option will ASCII armor the key. The key is also sent to stdout; to
send the output to a file, use the "--output" option as follows:

[susan:~]$ gpg --armor --output pubkey.asc --export susan@example.org

Now that Susan has exported and distributed her key, I'll send her my
key (named rich.asc) so she can send me encrypted messages.

Susan just changed the router password and wants to notify me of the
change through email. Because of the sensitive nature of this message,
she doesn't want to send it as plaintext. She'll then create a file
called doc.txt with the following content:

After entering the correct passphrase for my secret key, GNU Privacy Guard decrypts the file as doc.txt as demonstrated:

[rich:~]$ cat doc.txt
The new router password is "ro0t3r4dm!n"

GNU Privacy Guard also uses symmetric ciphers, which will enable you to
use the same key for both encryption and decryption. This is useful if
you want to encrypt important files on your system. When encrypting a
file with a symmetric cipher, you are prompted for a passphrase. Others
who know that passphrase are able to decrypt that file.

Here's an example of using a symmetric cipher to encrypt a file called sales.txt:

Now, someone using `gpg --decrypt` will be prompted for a passphrase.
Only someone who knows the passphrase Susan used will be able to
decrypt her document.

Signing and Signature Verification

Being able to verify who sent a message is as important as the message
itself. GNU Privacy Guard allows users to place a digital signature on
both plaintext and ciphertext to validate their origin. In signing a
file, GNU Privacy Guard uses the secret key to sign, and the public key
is used to validate the signature. Therefore, signed files can be
verified by anyone who has access to the sender's public key.

In this example, Susan has a simple plaintext message, called email.txt, which contains:

Lunch meeting at 1 o'clock

She's going to sign the message with "--clearsign", and then email it to me:

Note how when "--output" is not specified, the decrypted contents go to stdout.
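The key exchange, encryption and signing steps described above can be exercised end to end in one script. This is an added example, not part of the original article: it assumes GnuPG 2.1 or later, uses two throwaway keyrings with empty passphrases, and the function names g and demo, the address rich@example.org and the sample text are constructed for the demonstration.

```sh
# Added example, not from the article: Susan and Rich each get a throwaway
# keyring. Assumes GnuPG 2.1+; empty passphrases are for this demo only.

# g HOME ARGS...: run gpg non-interactively against one user's keyring.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback "$@"
}

# demo: returns 0 if every step behaves as described, else a step number.
demo() {
    work=$(mktemp -d) || return 1
    susan=$work/susan rich=$work/rich
    mkdir -m 700 "$susan" "$rich" || return 1
    for who in susan rich; do    # one key pair per user
        g "$work/$who" --passphrase '' \
            --quick-generate-key "$who@example.org" || return 1
    done
    # Swap public keys, as the article does with pubkey.asc and rich.asc.
    g "$susan" --armor --output "$work/pubkey.asc" --export susan@example.org
    g "$rich" --armor --output "$work/rich.asc" --export rich@example.org
    g "$susan" --import "$work/rich.asc" || return 1
    g "$rich" --import "$work/pubkey.asc" || return 1

    # Susan encrypts for Rich. --trust-model always accepts the unsigned key
    # without asking; in real use, check its fingerprint with Rich first.
    echo 'constructed sample text' > "$work/doc.txt"
    g "$susan" --trust-model always --armor --recipient rich@example.org \
        --output "$work/doc.txt.asc" --encrypt "$work/doc.txt" || return 1
    # Susan holds only Rich's public key, so even she cannot decrypt it.
    g "$susan" --decrypt "$work/doc.txt.asc" >/dev/null 2>&1 && return 2
    # Rich's secret key recovers the plaintext.
    g "$rich" --output "$work/out.txt" --decrypt "$work/doc.txt.asc" || return 3
    cmp -s "$work/doc.txt" "$work/out.txt" || return 4

    # Susan clearsigns; Rich verifies, and an edited copy must be rejected.
    echo "Lunch meeting at 1 o'clock" > "$work/email.txt"
    g "$susan" --output "$work/email.txt.asc" --clearsign "$work/email.txt" || return 5
    g "$rich" --verify "$work/email.txt.asc" 2>/dev/null || return 6
    sed 's/1 o/2 o/' "$work/email.txt.asc" > "$work/tampered.asc"
    g "$rich" --verify "$work/tampered.asc" 2>/dev/null && return 7

    for h in "$susan" "$rich"; do gpgconf --homedir "$h" --kill gpg-agent; done
    rm -rf "$work"
    return 0
}
```

Call demo after loading the script; a non-zero exit status is the number of the first check that failed.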

Putting it Together

To better illustrate the examples, I used the long options in this
article. Most of the options don't need to be written out in the long
format. Here are a few of the more common options, and their
corresponding long and short option flags:

If you're a fan of graphical user interfaces, you don't have to use
GnuPG from the command-line. TkPGP is a nice graphical front-end that might make GNU Privacy Guard easier to use.

There's a lot more to GnuPG and cryptography than was covered in this introductory article. Checking the documentation page will go a long way in helping you use GNU Privacy Guard more effectively.

GNU Privacy Guard allows you
to take control of your confidential information and ensures that your
privacy is not violated. After all, the only ones who probably care
about your privacy are the ones trying to invade it.